O'Reilly addresses crypto laws

O'Reilly today posted an update of its server software to fix a crypto bug that was making more than 60,000 secure Web sites potentially inaccessible to users of new versions of Netscape Communications' Navigator.

O'Reilly's WebSite Professional 2.3.9 is designed to fix a problem that didn't become apparent to O'Reilly or its users until Netscape corrected what both O'Reilly and Netscape described as a technical violation of the U.S. laws governing the export of cryptography technology.

Microsoft's Internet Explorer browser remains in violation of the regulations, according to both Netscape and O'Reilly. Microsoft denies that assertion.

The problem with WebSite Professional, and the purported export regulation
violations, concern the security protocol known as Secure Sockets Layer
SSL.
SSL, which lets Web sites and browsers exchange encrypted data such as credit card numbers, has two parts: a key exchange (or "handshake") phase, in which the browser and server negotiate how they will encrypt the actual data, and a data encryption phase.

Because of U.S. government export regulations, there are different limits on the strength of the cryptography for export and domestic products. For the data exchange phase, browsers and servers intended for export outside the U.S. and Canada can use up to 40-bit strength crypto. For the handshake phase, the limit is 512 bits.

The trouble with the domestic-strength (that is, the stronger version) WebSite Professional is that without today's update it offers export-strength (weaker) browsers a 1024-bit handshake, instead of a 512-bit handshake. That, O'Reilly
acknowledges, is a violation of the export regulations.

On the client side of the exchange, exportable versions of both Netscape's Navigator browser--except for versions 4.06 and above--and Microsoft Internet Explorer accept that 1024-bit handshake.

Now that Netscape is in compliance with the regulations, it is prodding Microsoft to follow suit.

"Microsoft knows they're not in compliance with export regulations," said
Michael Mullany, product manager for Mission Control at Netscape. "They
should go fix IE."

O'Reilly weighed in with a similar assessment of Microsoft's position vis-a-vis the export rules.

"Technically, it's a violation of the export-strength restrictions," said Robert Denny, O'Reilly's lead developer for WebSite Professional. "Microsoft is being more lenient than they probably should be."

"There is nothing here that is an actual export violation," said Jason Garms, product manager for Windows NT security. "We take compliance with government export laws very seriously."

Garms noted that Microsoft had applied for and was granted export approval
by the Commerce Department for IE, even with the 1024-bit handshake.

Regarding the handshake phase of an SSL session, the crypto export
regulations state: "The key exchange used in data encryption must be...a public key algorithm with a key space less than or equal to a 512-bit modulus...."

Garms noted that versions of SSL prior to SSL 3 did not support the so-called stepping down, in which a domestic-strength server would offer export-strength browsers a 512-bit handshake. So for SSL versions 1 and 2, a 1024-bit handshake was the only possible variety. When SSL 3 was introduced with the downward negotiation capability, offering 1024-bit handshakes remained common practice, according to Garms.

So when Netscape brought its browser up to code, users with export-strength
Navigator versions 4.06 and above found themselves unable to handshake with
sites running WebSite Professional.

For sites that adopt O'Reilly's upgrade, the problem should disappear. For its part, Microsoft it sticking by its guns.

"We currently have no plans to make any changes to the protocols that we're
shipping in this area," Garms said.

"It is the
responsiblity of the U.S. government, not our competitors, to determine if
we're in compliance with U.S. export policies," he added.

Netscape's Mullany, while reiterating his view that Microsoft was noncompliant, noted that the handshake was the less important of the two SSL stages.

"We and Microsoft too, as far as I know, have always been in compliance for
the important part of SSL, which is the data transfer," Mullany said. "The U.S. government really cares that we're compliant with that. The key exchange is not as important."